Make ps_nargvstr and ps_nenvstr unsigned. This fixes an input

validation error in procfs/linprocfs that can be exploited by local
users to cause a kernel panic.  All versions of FreeBSD with the patch
referenced in SA-04:17.procfs have this bug, but versions without that
patch have a more serious bug instead.  This problem only affects
systems on which procfs or linprocfs is mounted.

Found by:	Coverity Prevent analysis tool
Security:	Local DOS

2 files changed, 4 insertions, 4 deletions

diff --git a/sys/amd64/linux32/linux32_sysvec.c b/sys/amd64/linux32/linux32_sysvec.c
index be4c6cc..8e0fc95 100644
--- a/sys/amd64/linux32/linux32_sysvec.c
+++ b/sys/amd64/linux32/linux32_sysvec.c
@@ -207,9 +207,9 @@ static int _bsd_to_linux_trapcode[] = {
 
 struct linux32_ps_strings {
 	u_int32_t ps_argvstr;	/* first of 0 or more argument strings */
-	int	ps_nargvstr;	/* the number of argument strings */
+	u_int ps_nargvstr;	/* the number of argument strings */
 	u_int32_t ps_envstr;	/* first of 0 or more environment strings */
-	int	ps_nenvstr;	/* the number of environment strings */
+	u_int ps_nenvstr;	/* the number of environment strings */
 };
 
 /*
diff --git a/sys/sys/exec.h b/sys/sys/exec.h
index 07becaf..8c95c36 100644
--- a/sys/sys/exec.h
+++ b/sys/sys/exec.h
@@ -48,9 +48,9 @@
  */
 struct ps_strings {
 	char	**ps_argvstr;	/* first of 0 or more argument strings */
-	int	ps_nargvstr;	/* the number of argument strings */
+	unsigned int ps_nargvstr; /* the number of argument strings */
 	char	**ps_envstr;	/* first of 0 or more environment strings */
-	int	ps_nenvstr;	/* the number of environment strings */
+	unsigned int ps_nenvstr; /* the number of environment strings */
 };
 
 /*